When I talk to our customers, one thing they love most about Oort is how closely we tie into their existing technologies. They can integrate their current technologies into Oort and integrate Oort back into their security and messaging tools. Oort is a complementary tool that enables teams to make the most of existing investments.
In this blog, I wanted to explain why we’re investing so heavily in our technology partnerships and how this benefits customers.
Single Pane of Glass
One of the most challenging things about identity security is that an enormous amount of identity data sits across various identity platforms, making it incredibly difficult to have a good high-level view of the situation. IT teams will typically have implemented tools like Okta, Azure AD, or Duo. Unfortunately, these platforms are managed in silos, and security teams are left in the dark.
Identity is a security blindspot for most security teams. Sure, security teams might get events in a SIEM but lack the context of who that user is and what “normal” looks like.
We have built deep integrations with these identity platforms specifically to correct this. Oort pulls in information on users, groups, policies, devices, MFA factors, events, and more to provide a rich view of all identities. And we cover both static data (How are the users and systems set up?), and events (What are those users and accounts doing?).
Identity data doesn’t just sit in traditional identity platforms – it’s everywhere. Google Workspace, for example, is often used as an identity provider by early-stage technology companies. Slack also contains information about users that is critical for understanding who they are and their activities.
While most organizations strive to put their critical business applications behind SSO, sometimes exceptions exist, or some accounts get left behind, creating a gap for hackers to step in. One example of this is Salesforce. You can read more about the risks of doing so in a blog we wrote a couple of weeks ago.
Finally, merging all of these insights with a company’s human resources information system (HRIS) is important. By integrating with the likes of Workday, we can understand more about a user: how long they have been at the company; what their job is; where they are located; and who their manager is. This sort of information is critical to understanding the severity of an incident. For example, should a janitor be editing admin rights in Azure AD?
As you might imagine, this is an enormous amount of data to store and analyze, so we need technology partners to help us deliver these insights to our customers. That’s why Snowflake is such a valued partner for Oort. This enables us to provide our customers with a single pane of glass of their identities.
Contextualization
By merging all of the information described above, Oort provides the context you can’t get anywhere else. But we go one step further and pull in additional data on IP addresses from providers like IPInfo and Brightcloud.
This blended approach enables Oort to deliver identity security insights without the traditional noise associated.
Given how many customers use Oort to speed up investigations into identity-related incidents, this contextualization is vital.
Integrate into Existing Security and IT Processes and Tools
We’re proud Oort is customers' go-to place to investigate users, as we have all of the data they need in one place. But we acknowledge that no security tool can be fully leveraged without becoming fully part of the operational ecosystem as well.
Our customers use workflows in messaging applications like Microsoft Teams and Slack to contact users, managers, or groups. They can easily confirm if an unused application can be removed or contact employees to encourage them to enroll in stronger forms of MFA.
We also need to cater to the various tools and workflows used by the different teams involved. This means helping IT, security, and help desk teams. Oort enables teams to integrate into SIEM platforms (such as Sentinel), and ticketing platforms (such as ServiceNow and Jira).
Expanding our Ecosystem in 2023
With the announcement of our technology partner ecosystem, I can say I am really proud of where the product has gotten. Oort is the only solution that provides the breadth (and, critically, depth) of integration.
But this is just the start. We have exciting and ambitious plans for 2023 as we strive to become the identity security platform of the future, so keep an eye on our release notes!
If you’re curious about Oort or want to partner with us, I’d love to hear from you. Email us at partners@oort.io.